David Mehren c32b1cf42b Don't store mermaid diagrams in innerHTML ...

Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements.
Using `.text()` instead mitigates this issue.

Signed-off-by: David Mehren <git@herrmehren.de>

2020-12-27 10:14:27 +01:00

38 KiB

Raw Blame History

View Raw